On May 03, 2016, the ImageMagick team found some important security issues in all of their versions. Here I'm going to point out the fixes they released for this problem. cPanel also released security updates against this vulnerability.

One of the reported vulnerabilities can potentially be exploited for remote code execution (RCE).

Fix for cPanel server

cPanel Security Team – CVE-2016-3714 ImageMagick

Troubleshooting steps:

How to determine if your server is up to date?

The updated RPMs provided by cPanel will contain a changelog entry with a CVE number. To view this changelog entry, run the following command:

rpm -q --changelog cpanel-ImageMagick | grep CVE-2016-3714

The output should resemble the following:

- - - Apply workaround for CVE-2016-3714

What to do if you are not up to date?

On a cPanel server, a UPCP run will patch the vulnerable version of ImageMagick. To upgrade your server, navigate to WHM's Upgrade to Latest Version interface (Home >> cPanel >> Upgrade to Latest Version) and click 'Click to Upgrade'. You can also do this from the command line by executing the following command: